Add a synonym for window.getSelection() that FF supports. There were requests in
this bug's dupes to also support the IE-only document.selection, but IE's Selection
object is too different from ours currently for that to be safe (specifically, we
don't support enough of IE's TextRange methods on our DOM Range object yet). I
filed <rdar://problem/5761233> to cover that.

dom/Document.cpp:
(WebCore::Document::getSelection): Added.

dom/Document.h:

dom/Document.idl: Ditto. JS only since this is about web compatibility.

Bug 17486: Support HTML5 Canvas.getImageData API
Support Canvas.getImageData and Canvas.createImageData

Reviewed by Sam W.

This patch adds support for all the pixel reading portions
of the HTML5 Canvas spec. There are two new types ImageData
and CanvasPixelArray which are used to provide the HTML5
ImageData object, and the required semantics for assignment
to the ImageData data array.

We only implement the CG version of ImageBuffer::getImageData,
but the logic is null safe, so this will not introduce any
crashes into other platforms; unfortunately it will result in
JS Object detection "lying" on non-CG platforms.

platform/graphics/win/GraphicsContextCairoWin.cpp: Add common
code for handling WorldTransform calls.
(WebCore::GraphicsContextPlatformPrivate::concatCTM): Change
implementation so that it only handles WorldTransform. The
Cairo update is done in GraphicsContextCairo.cpp

css/CSSStyleSelector.cpp:
(WebCore::findHash): Removed. Use find instead.
(WebCore::findSlashDotDotSlash): Changed to take a UChar* and a length.
(WebCore::findSlashSlash): Ditto.
(WebCore::findSlashDotSlash): Ditto.
(WebCore::containsColonSlashSlash): Ditto.
(WebCore::cleanPath): Change to operate on a String.
(WebCore::checkPseudoState): Changed to use a Vector as a buffer.

Fixed <rdar://problem/5057509> Repro leak of JSXMLHttpRequest and
associated objects @ www.viamichelin.it, which was probably an underlying
cause of <rdar://problem/5744037> Gmail out of memory (17455)

If SubresourceLoader::create returned NULL, we would ref() / gcProtect()
the XMLHttpRequest but think we hadn't, therefore never
calling deref() / gcUnprotect().

This could happen at gmail.com, since gmail.com attempts to send
XMLHttpRequests from unload handlers in order to gather usage statistics.
(According to comments in the code, SubresourceLoader::create returns
NULL when called from an unload handler.)

The solution is to ref() / gcProtect() only if SubresourceLoader::create
doesn't return NULL. This makes sense, since we only need to protect the
request as long as it has an outstanding network transaction.
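The ref()/gcProtect() pairing the entry describes, as an added C++ model (not WebCore's code): Request, Loader and createLoader are stand-ins for XMLHttpRequest, SubresourceLoader and SubresourceLoader::create, and the "transaction" is elided. It shows the unconditional protect leaking when no loader is created, and the fixed ordering balancing out.

```cpp
#include <memory>

// Toy request: tracks the ref()/deref() and gcProtect()/gcUnprotect()
// pairs that keep the object alive while a transaction is outstanding.
struct Request {
    int refCount = 0;
    int gcProtectCount = 0;
    void ref()         { ++refCount; }
    void deref()       { --refCount; }
    void gcProtect()   { ++gcProtectCount; }
    void gcUnprotect() { --gcProtectCount; }
};

struct Loader {};

// Stand-in for SubresourceLoader::create(): per the entry, it returns
// NULL when called from an unload handler.
std::unique_ptr<Loader> createLoader(bool inUnloadHandler)
{
    if (inUnloadHandler)
        return nullptr;
    return std::make_unique<Loader>();
}

// Before the fix: protect first, then discover there is no loader. The
// matching deref()/gcUnprotect() only ever runs when a transaction
// finishes, so the early return leaves both counts at 1 forever.
void sendBuggy(Request& r, bool inUnloadHandler)
{
    r.ref(); r.gcProtect();
    auto loader = createLoader(inUnloadHandler);
    if (!loader)
        return;                      // leak: nothing will undo the protect
    // ... transaction completes (elided) ...
    r.deref(); r.gcUnprotect();
}

// After the fix: only protect once a transaction actually exists.
void sendFixed(Request& r, bool inUnloadHandler)
{
    auto loader = createLoader(inUnloadHandler);
    if (!loader)
        return;                      // nothing outstanding, nothing to protect
    r.ref(); r.gcProtect();
    // ... transaction completes (elided) ...
    r.deref(); r.gcUnprotect();
}

// True when the request is fully released after one send attempt.
bool balancedAfterSend(bool useFixedVersion, bool inUnloadHandler)
{
    Request r;
    if (useFixedVersion) sendFixed(r, inUnloadHandler);
    else                 sendBuggy(r, inUnloadHandler);
    return r.refCount == 0 && r.gcProtectCount == 0;
}
```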

We have a few reports of KJS_MEM_LIMIT breaking important web
applications, like GMail and Google Reader. (For example, if you
simply open 12 GMail tabs, tab #12 will hit the limit.)

Firefox has no discernible JS object count limit, so any limit, even
a large one, is a potential compatibility problem.

KJS_MEM_LIMIT does not protect against malicious memory allocation,
since there are many ways to maliciously allocate memory without
increasing the JS object count.

KJS_MEM_LIMIT is already mostly broken, since it only aborts the
script that breaches the limit, not any subsequent scripts.

We've never gotten bug reports about websites that would have
benefited from an unbroken KJS_MEM_LIMIT. The initial check-in of
KJS_MEM_LIMIT (KJS revision 80061) doesn't mention a website that
needed it.

Any website that brings you anywhere close to crashing due to the
number of live JS objects will almost certainly put up the "slow
script" dialog at least 20 times beforehand.

I added an m_webFrame member to WebFrameLoaderClient. This is slightly
strange because WebFrame inherits from WebFrameLoaderClient, but this
member will be needed once we remove the inheritance, so we might as
well prepare for that now.

Reviewed by Anders.

WebCoreSupport/WebFrameLoaderClient.cpp:
(WebFrameLoaderClient::WebFrameLoaderClient): Changed to take a
WebFrame* parameter.
(WebFrameLoaderClient::hasWebView): Moved here from WebFrame.cpp.

WebFrame now inherits from a new WebFrameLoaderClient class, which
will gradually assume all FrameLoaderClient responsibilities. Once
that process is complete, WebFrame will no longer inherit from
WebFrameLoaderClient.

In this first patch, I've only moved createDocumentLoader up to the
WebFrameLoaderClient class.

<rdar://problem/5757873> Buffer overrun in DeprecatedCString::find() in WebCore
We could get a buffer overrun in DeprecatedCString::find() if the end of the
string matches a beginning portion of the substring, for example, if string is
"a" but the substring is "ab".
The code as is also will not match things correctly under certain situations
since the inner while loop increments the index. For example, we wouldn't find
a match if the string is "aab..." and the substring is "ab". Changed the
inner while loop to increment a temporary index into str.
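Both defects the entry describes, reconstructed as an added C++ example (not WebCore's DeprecatedCString code) beside a corrected search. Buffers are std::strings with explicit lengths; the buggy version counts reads at or past the end instead of performing them, so the overrun can be observed without undefined behaviour.

```cpp
#include <cstddef>
#include <string>

struct FindResult {
    int index;     // position of the match, or -1
    int overruns;  // reads the buggy loop attempted at or past str.size()
};

// Defective shape: the inner loop advances the *outer* index i while
// comparing. (1) When the tail of str matches a prefix of sub, the loop
// keeps reading past the end of str ("a" vs "ab"). (2) Characters consumed
// during a failed partial match are never re-examined, so "ab" is missed
// in "aab". Out-of-range reads are counted and answered with NUL.
FindResult findBuggy(const std::string& str, const std::string& sub)
{
    FindResult r{-1, 0};
    auto at = [&](std::size_t k) -> char {
        if (k >= str.size()) { ++r.overruns; return '\0'; }
        return str[k];
    };
    std::size_t i = 0;
    while (i < str.size()) {
        std::size_t j = 0;
        while (j < sub.size() && at(i) == sub[j]) { ++i; ++j; }
        if (j == sub.size()) { r.index = int(i - j); return r; }
        ++i;
    }
    return r;
}

// Corrected: bound the outer loop so every candidate fits inside str, and
// compare through a temporary index k so i is untouched on mismatch.
int findFixed(const std::string& str, const std::string& sub)
{
    if (sub.empty()) return 0;
    if (sub.size() > str.size()) return -1;   // "a" cannot contain "ab"
    for (std::size_t i = 0; i + sub.size() <= str.size(); ++i) {
        std::size_t k = i, j = 0;
        while (j < sub.size() && str[k] == sub[j]) { ++k; ++j; }
        if (j == sub.size()) return int(i);
    }
    return -1;
}
```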

Fix for bug 17301. CSS media queries need to use the correct viewport
when contained in documents inside iframes (rather than always using the
top-level document's viewport). CSS media queries based on the viewport
also needed to be dynamic and update as you resize the window (this is
a HOT feature). :)

support for pasteAndMatchStyle: command (see <rdar://problem/5723952>)

WebView/WebHTMLView.mm:
(-[WebHTMLView _pasteWithPasteboard:allowPlainText:matchStyle:]):
added matchStyle parameter, passed along to bridge (formerly always passed NO to bridge)
(-[WebHTMLView readSelectionFromPasteboard:]):
pass NO for new matchStyle parameter to match old behavior
(-[WebHTMLView validateUserInterfaceItemWithoutDelegate:]):
validate pasteAndMatchStyle the same way as pasteAsRichText
(-[WebHTMLView pasteAndMatchStyle:]):
just like pasteAsRichText but passes YES for matchStyle
(-[WebHTMLView pasteAsRichText:]):
pass NO for new matchStyle parameter to match old behavior
(-[WebHTMLView paste:]):
ditto

The GNUmakefile.am files make use of the LDFLAGS variable to include library
additions such as -ljpeg etc. Unfortunately, if these inclusions aren't made
in LIBADD/LDADD variables, then they are mis-ordered during the linking.

The as-needed flag discards libraries whose functions have not been needed by
earlier libraries, which therefore makes the ordering important.

This moves all -l library inclusion statements from LDFLAGS variables to
LIBADD/LDADD variables.

Fix for Bug 16753: date set methods with no args should result in NaN (Acid3 bug)
The set values result in NaN now when called with no args, NaN or +/- inf values.
The setYear, setFullYear and setUTCFullYear methods used on NaN dates work as
described in the standard.

Fix the layout test failure that never should have passed in the first
place by making changes to media lists actually result in the recomputation
of the style selector. Now it passes for the right reasons and not because
of dumb luck.

editing/HTMLInterchange.cpp:
(WebCore::): Return a String from convertedSpaceString.
(WebCore::convertHTMLTextToInterchangeFormat): Use a Vector instead of
a DeprecatedString to build up the return String.

html/HTMLImageLoader.cpp:
(WebCore::HTMLImageLoader::notifyFinished):
If the image had an error, make sure to do <object> fallback.

html/HTMLObjectElement.cpp:
(WebCore::HTMLObjectElement::renderFallbackContent):
Before doing fallback check if there is a MIME type mismatch between
an image type and a non-image type. If so, detach and re-attach after
storing the correct MIME type.

loader/loader.cpp:
(WebCore::Loader::didReceiveData):
Consider it an error when a 404 is encountered on a CachedResource load.

<rdar://problem/5754378> work around missing video on YouTube front page with a site-specific hack

WebCore.base.exp: Updated.

bindings/js/kjs_navigator.cpp:
(WebCore::needsYouTubeQuirk): Added. Return true on Windows only when the quirk is needed.
(WebCore::Navigator::getValueProperty): For the appVersion property, if needsYouTubeQuirk
return true, then return the empty string.

WebKit part of <rdar://problem/5754378> work around missing video on YouTube front page with a site-specific hack

WebView/WebView.mm:
(-[WebView _preferencesChangedNotification:]): Added a call to Settings::setNeedsSiteSpecificQuirks.
There are currently no site-specific quirks on Mac, but we will propagate the state
to WebCore to avoid possible mistakes later.

WebKit/win:

Reviewed by Darin and Geoff.

WebKit part of <rdar://problem/5754378> work around missing video on YouTube front page with a site-specific hack

WebView.cpp:
(WebView::notifyPreferencesChanged): Added a call to Settings::setNeedsSiteSpecificQuirks.
(WebView::setAllowSiteSpecificHacks): Added a comment about the problem Darin noticed, where
after you disable the site-specific hacks they persist until you open a new window or tweak
some other preference.

editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::initializeStartEnd): The common case here
is where there are no special elements. Avoid creating VisiblePositions in
that case. Additionally, this change postpones the more expensive creation
of an upstream VisiblePosition until the last possible moment.
(WebCore::DeleteSelectionCommand::saveTypingStyleState):
(WebCore::DeleteSelectionCommand::calculateTypingStyleAfterDelete): Add an
early return for a common case: deleting characters that are all inside the
same text node. In that case the style at the start of the selection will
not change during the delete, so there is no need to save/recompute it.
(WebCore::DeleteSelectionCommand::saveFullySelectedAnchor): Early return
before VisiblePosition creation if the ends of the selection aren't enclosed
by an anchor.

platform/text/TextCodecICU.cpp:
(WebCore::getGbkEscape): Changed to use a switch instead of a HashMap, as there
are only four values.
(WebCore::gbkCallbackEscape): Check the reason why the function is called, and do not attempt
getting an escape character if it's not UCNV_UNASSIGNED.
(WebCore::gbkCallbackSubstitute): Ditto.

02/19/08:

css/CSSFontSelector.cpp:
(WebCore::CSSFontSelector::addFontFaceRule): Update for name change.

css/CSSParser.cpp:
(WebCore::CSSParser::parseFontFamily): Update to use new appendSpaceSeparated
function and String rather than DeprecatedString.

css/CSSStyleSelector.cpp:
(WebCore::CSSStyleSelector::applyProperty): Updated for name change.

css/FontFamilyValue.cpp:
(WebCore::FontFamilyValue::FontFamilyValue): Replaced code using a regular
expression with code that does the same thing more efficiently.
(WebCore::FontFamilyValue::appendSpaceSeparated): Added.
(WebCore::FontFamilyValue::cssText): Updated for name change.

css/FontFamilyValue.h: Changed DeprecatedString to String. Renamed fontName
to familyName and parsedFontName to m_familyName. Removed unused genericFamilyType
and m_genericFamilyType. Added appendSpaceSeparated so that m_familyName can
be private instead of public.

This brings performance on the phone back to old levels. Andre and I are doing
some formal testing to see exactly where we stand.

dom/Position.cpp:
(WebCore::enclosingBlockIgnoringEditability): Added. This is enclosingBlock
without the expensive editability checks. upstream and downstream can avoid
those because they do their own editability checking.
(WebCore::Position::upstream):
(WebCore::Position::downstream):

<rdar://problem/3663560> AXLink for a "name" (anchor) on same page should include an AXLinkedUIElementAttribute

bridge/mac/WebCoreAXObject.mm:
(-[WebCoreAXObject linkedUIElement]):
Returns the linked-to AX object (if the specified one is ignored by accessibility, returns the next un-ignored one by traversing the DOM).

<rdar://problem/5694920> Typing (esp. deleting) is slower due to TOT WebCore

These changes bring deleting performance back to old levels on the phone
except for deleting the first space to the right of a word, which we are
still working on.

dom/Position.cpp:
(WebCore::Position::upstream): Avoid the use of enclosingBlock when determining
if we have left the original enclosing block or entered a new one, and avoid
rootEditableElement for determining if we have changed editability. These
operations are expensive.
(WebCore::Position::downstream): Ditto.

DumpRenderTree/pthreads/JavaScriptThreadingPthreads.cpp:
(startJavaScriptThreads): Don't detach the newly created thread. The later call to stopJavaScriptThreads() tries
to pthread_join() each thread that had been created, but you can't join a detached thread!

wtf/RefCounted.h:
(WTF::RefCounted::RefCounted): Have refcounts default to 1. This allows us to start
removing the explicit initialization of RefCounted from classes and eventually we
can remove the ability to have the initial count of 0 entirely.

Runtime type library registration on Vista requires use of two new calls:
RegisterTypeLibraryForUser and UnRegisterTypeLibraryForUser, which write to
HKCU. LoadTypeLib[Ex] registers under HKLM, which fails under Vista due to UAC.

Fix for <rdar://5747529> - ObjC Exception can cause JSLock to never be released

Test: platform/mac/plugins/webScriptObject-exception-deadlock.html

bindings/objc/WebScriptObject.mm:
(-[WebScriptObject valueForKey:]): The line resultObj = [super valueForKey:key]; // defaults to throwing an exception
says it all - it throws an exception. This method also happens to hold the JSLock. Problematically, when the exception
is thrown and the method exited, the JSLock is never released. Fix that without otherwise changing behavior by holding the
JSLock in two individual scopes - right before the exception and right after.

WebKitTools:

Changes by Geoff Garen, Reviewed by Darin

Fix for <rdar://5747529> - ObjC Exception can cause JSLock to never be released

[WebScriptObject valueForKey:] might throw an exception, and previously might have "leaked" the global JSLock.
This test calls valueForKey, then runs some arbitrary JavaScript on a secondary thread. If the lock has leaked,
this series of method calls will deadlock. If things are good, it will complete successfully.

reduce use of DeprecatedString and memory allocations in processing of CSS

remove unnecessary double -> float -> double trip in the CSS parser

cleaned up names and structure in CSS grammar

css/CSSGrammar.y: Remove getPropertyID and getValueID. Both are now in CSSParser.cpp
instead, and they now work on ParseString and String objects and don't require the caller
to put the string into a char*. Gave members of the %union more sensible names, removed
duplicates, and sorted into a logical order. Put the %expect back in, rather than leaving
it commented out.

css/CSSParser.cpp:
(WebCore::equalIgnoringCase): Added.
(WebCore::hasPrefix): Added.
(WebCore::CSSParser::parseTransitionProperty): Changed to call the new cssPropertyID,
which obviates the need to call lower() and utf8() or to allocate memory at all. Also
used equalIgnoringCase rather than putting the value into a String just to compare it.
(WebCore::CSSParser::lex): Replaced convertASCIIToFloat with charactersToDouble. This change
along with the CSSGrammar.y change, removes the double -> float -> double round trip, and
affects the result of one layout test.
(WebCore::cssPropertyID): Added. Gets the property ID from the gperf hash table, but
without allocating any memory.
(WebCore::cssValueKeywordID): Ditto.

css/CSSParser.h: Removed declaration for deprecatedString function (now used only in
CSSParser.cpp; soon to be deleted). Added cssPropertyID and cssValueKeywordID functions.

css/makevalues.pl: Generate constants instead of macros for CSS value numbers (but not an
enumeration, like properties, since you rarely have any reason to handle all values, but
often have a reason to handle all properties). Renamed the constant for the number of CSS
value keywords from CSS_VAL_TOTAL to numCSSValueKeywords, and added maxCSSValueKeywordLength.

platform/text/String.cpp:
(WebCore::charactersToDouble): Made this function more efficient by using a stack buffer
rather than a CString.

LayoutTests:

Reviewed by Sam.

generate new results for the one test that was altered by the
double -> float -> double trip taken by numeric values in the
CSS parser

This test appears under three different names in three different
parts of our test suite.

bindings/js/JSCSSStyleDeclarationCustom.cpp:
(WebCore::hasCSSPropertyNamePrefix): Added.
(WebCore::cssPropertyName): Reimplement to not use DeprecatedString. Also made faster
by using a Vector<UChar> and eliminating all the string operations.

platform/graphics/Color.cpp:
(WebCore::Color::parseHexColor): Streamlined logic a bit with early returns.
Used toASCIIHexValue a character at a time rather than using toIntStrict
in base 16 mode.
(WebCore::findNamedColor): Added. Uses a fixed-size char buffer to look up
a color using the gperf-generated findColor function. Saves a memory allocation
vs. the old version that called DeprecatedString::latin1().
(WebCore::Color::setNamedColor): Changed to use findNamedColor.

css/CSSPrimitiveValueMappings.h: Add default cases to all the switch statements.
This will ease the way some day if we decide to use an enum instead of int; otherwise
we'll have a ton of "unhandled enum value" warnings here.

DerivedSources.make: Added the scripts to the ENABLE_SVG versions of the rules
for CSSPropertyNames.h and CSSValueKeywords.h. Somehow that got left out, so the
files would not be regenerated if the scripts were changed (but would if SVG was
disabled).

When navigating to a new page, we stop all outstanding PluginStreams.
Flash hangs in the call to NPP_URLNotify. It eventually displays the
"slow script" dialog, which relinquishes control to the system. While
this dialog is running, the request we are in the process of cancelling
completes, and we re-enter Flash to deliver the data. When the dialog
is dismissed, the internal state of Flash has changed, and Flash
crashes with a null dereference.

To work around this, we can defer loading before entering plug-in code,
so that even if a plug-in yields to the system, we won't get callbacks
while we're handling a callback.